Deploy Intel QAT on Ubuntu

2021/01/27 | 访问量: Crypto

Your distribution may already have the Intel QAT drivers, but it is likely they do not contain the necessary user space components. These instructions guide the user on how to download the kernel sources, compile kernel driver modules against those sources, and load them onto the host.

Introduction

Intel QuickAssist Technology (Intel QAT) is developed by Intel and runs on Intel® architecture providing security and compression acceleration capabilities to improve performance and efficiency. It offloads workloads from the CPU to hardware. Server, networking, big data, and storage applications use Intel QAT to offload compute-intensive operations, such as:

  • Symmetric cryptography functions, including cipher operations and authentication operations.
  • Public key functions, including RSA, Diffie-Hellman, and elliptic curve cryptography.
  • Compression and decompression functions, including DEFLATE.

Intel QAT has improved the function of in many areas, such as Hadoop* acceleration, OpenSSL integration, SDN and NFV Solutions Boost and so on. On a more detailed level, we can get the benefits from the following aspects:

  • 4G LTE and 5G encryption algorithm offload for mobile gateways and infrastructure.
  • VPN traffic acceleration, with up to 50 Gbps crypto throughput and support for IPsec and SSL acceleration.
  • Compression/decompression, with up to 24 Gbps throughput.
  • I/O virtualization using PCI-SIG Single-Root I/O Virtualization (SR-IOV).

Requirements

Hardware

  • Intel QAT device on your machine with the following forms:
    • Chipset: Intel® C6xx series chipset
    • PCIE: Intel® QuickAssist Adapter 89xx
    • SoC: Intel Atom® C3000 processor series (Denverton NS) / Rangeley
  • Ensure SR-IOV and VT-d are enabled in BIOS

Software

  • Enable IOMMU and reboot

    Enable IOMMU support by setting the correct kernel parameter depending on the type of CPU in use:

    • For Intel CPUs (VT-d) set intel_iommu=on
    • For AMD CPUs (AMD-Vi) set amd_iommu=on

    You should also append the iommu=pt parameter. This will prevent Linux from touching devices which cannot be passed through.

    Edit the file /etc/default/grub and change the GRUB_CMDLINE_LINUX

    vim /etc/default/grub
    # Change and save
    ...
    GRUB_CMDLINE_LINUX="iommu=pt, intel_iommu=on, apparmor=0"
    ...
      
    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
    sudo reboot
      
    # We can check it
    dmesg | grep -i iommu
    [    0.000000] DMAR: IOMMU enabled
    
  • Install needed software package

    # For CentOS
    yum -y groupinstall "Development Tools"
    yum -y install pciutils
    yum -y install libudev-devel
    yum -y install kernel-devel-$(uname -r)
    yum -y install gcc
    yum -y install openssl-devel
      
    # For Ubuntu
    apt-get update
    apt-get install pciutils-dev
      
    # For Fedora
    dnf groupinstall "Development Tools"
    dnf install gcc-c++
    dnf install systemd-devel
    dnf install kernel-devel-`uname -r`
    dnf install elfutils-devel
    dnf install openssl-devel
    

Quick Start

  1. Get the Intel QAT driver from 01.org

    mkdir qat_driver
    cd qat_driver
    wget https://01.org/sites/default/files/downloads//qat1.7.l.4.12.0-00011.tar.gz
    tar zxvf qat1.7.l.4.12.0-00011.tar.gz
    
  2. Configure the Intel QAT driver

    # You can list the configuration by this command
    ./configure -h
    # We need enable the Intel QAT sriov
    ./configure --enable-icp-sriov=host
    
  3. Build driver and install driver and samples

    make
    make install
    make samples-install
    
  4. We need load the driver module for VFs and check

    lsmod | grep qa
      qat_c62xvf             16384  0
      qat_c62x               20480  0
      intel_qat             212992  3 qat_c62x,usdm_drv,qat_c62xvf
      uio                    20480  1 intel_qat
    modprobe vfio-pci
    modprobe uio
    
  5. Start QAT service

    # Start QAT and QAT VFs service
    service qat_service restart
    service qat_service_vfs restart
    # Check the devices status
    adf_ctl status
    
  6. Custom configuration

    edit /etc/c6xx_dev*.conf for Intel QAT PFs

    edit /etc/c6xxvf_dev*.conf for Intel QAT VFs

  7. Test the sample code

    cd build
    export LD_LIBRARY_PATH=`pwd`
    ./cpa_sample_code signOfLife=1
    

Then you can assign the Intel QAT VFs to your containers or your VMs by PCI-passthrough

Search

    Table of Contents

    本站总访问量: